Skip to main content
CVE-2026-21877 CRITICAL POC PATCH THREAT Act Now

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with scope change enabling full compromise of both self-hosted and cloud instances. EPSS 12.5% indicates high exploitation activity. Patch available.

RCE Code Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
12.5%
CVE-2026-21891 CRITICAL POC THREAT Emergency

ZimaOS (fork of CasaOS) through 1.5.0 has an authentication bypass where passwords for system service accounts are not properly validated during login. Attackers can access the system using known service account names with any password. PoC available, EPSS 13.6%.

Authentication Bypass Zimaos
NVD GitHub
CVSS 3.1
9.4
EPSS
13.6%
CVE-2026-21858 CRITICAL POC PATCH Act Now

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical CVSS 10.0 vulnerability enabling remote attackers to read sensitive files from the server, with potential for further compromise. PoC available.

Information Disclosure Path Traversal LFI Node.js N8n
NVD GitHub
CVSS 3.1
10.0
EPSS
7.1%
CVE-2025-69258 CRITICAL POC Act Now

Trend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEX) that allows unauthenticated remote attackers to load attacker-controlled DLLs and execute code as SYSTEM. PoC available.

Trend Micro Apex Central
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-20216 CRITICAL POC Act Now

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. [CVSS 9.8 CRITICAL]

PHP Command Injection
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-66913 CRITICAL POC Act Now

JimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which supports directives for arbitrary Java code execution. PoC available.

Java RCE Jimureport
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-67325 CRITICAL POC Act Now

QloApps hotel management system (through 1.7.0) allows unauthenticated web shell upload through the hotel review feature. Attackers can achieve immediate remote code execution. PoC available.

RCE Qloapps
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-61548 CRITICAL POC Act Now

Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.

SQLi Print Shop Pro Webdesk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22034 CRITICAL POC PATCH Act Now

Snuffleupagus PHP security module before 0.13.0 can be bypassed when upload validation uses VLD-based scripts without the VLD extension installed. This disables the upload security check entirely, allowing malicious PHP file uploads. PoC available, patch available.

PHP Snuffleupagus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21875 CRITICAL POC Act Now

ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.

PHP SQLi Clipbucket
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22043 CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a privilege escalation where restricted service accounts can self-issue unrestricted credentials by exploiting a flawed deny_only check in the IAM system. PoC available, patch available.

Privilege Escalation Rustfs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-61246 CRITICAL POC Act Now

online-shopping-system-php 1.0 has SQL injection in review_action.php via the proId parameter. PoC available.

PHP SQLi Online Shopping System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-68717 CRITICAL POC Act Now

KAYSUS KS-WR3600 router (firmware 1.0.5.9.1) has session validation bypass – if any user is logged in, endpoints accept unauthenticated requests. Attackers piggyback on active sessions to execute privileged actions. PoC available.

Authentication Bypass Ks Wr3600 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-66916 CRITICAL POC Act Now

RuoYi-Vue-Plus (through 5.5.1) allows arbitrary file read/write through QLExpress expression evaluation in the snailjob workflow node checker. Attackers can use the File class to access any file on the server. PoC available.

RCE Code Injection Ruoyi Vue Plus
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-21876 CRITICAL POC PATCH Act Now

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.

Information Disclosure Owasp Modsecurity Core Rule Set
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-68715 CRITICAL POC Act Now

Panda Wireless PWRU0 devices (firmware 2.2.9) expose WAN, LAN, and wireless configuration endpoints without authentication. Remote attackers can modify all network settings. PoC available.

Denial Of Service Privilege Escalation Pwru01 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-21881 CRITICAL POC PATCH Act Now

Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The application trusts HTTP headers for authentication without verifying the request came from the reverse proxy. Any attacker can impersonate any user including admins. PoC available, patch available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-56425 CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-61546 CRITICAL POC Act Now

Print Shop Pro WebDesk 18.34 allows purchasing items with negative quantities, creating financial discrepancies. Attackers can generate credits or manipulate pricing through the GetUnitPrice endpoint. PoC available, fixed in 19.69.

Code Injection Print Shop Pro Webdesk
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2017-20215 HIGH POC This Week

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-25289 HIGH POC This Week

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-21869 HIGH POC This Week

Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.

RCE Memory Corruption Denial Of Service AI / ML Llama.Cpp +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-68719 HIGH POC This Week

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. [CVSS 8.8 HIGH]

Information Disclosure Ks Wr3600 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22255 HIGH POC This Week

Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications using the iccDEV library to handle color management data. Public exploit code exists for this vulnerability, and no patches are currently available. An attacker can trigger memory corruption through a crafted ICC profile to achieve arbitrary code execution without user interaction beyond opening the malicious file.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22042 HIGH POC PATCH This Week

Incorrect IAM permission validation in RustFS prior to version 1.0.0-alpha.79 permits principals with export-only permissions to execute import operations, enabling unauthorized modification of users, groups, policies, and service accounts. Public exploit code exists for this vulnerability, and authenticated attackers can escalate privileges through malicious IAM imports. The issue affects all pre-1.0.0-alpha.79 versions with no patch currently available.

Privilege Escalation Rustfs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22257 HIGH POC PATCH This Week

Salvo is a Rust web backend framework. [CVSS 8.8 HIGH]

XSS Salvo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22256 HIGH POC PATCH This Week

Salvo is a Rust web backend framework. [CVSS 8.8 HIGH]

XSS Salvo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2017-20212 HIGH POC This Week

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. [CVSS 6.2 MEDIUM]

PHP Information Disclosure Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-63611 HIGH POC This Week

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). [CVSS 8.7 HIGH]

PHP XSS Hostel Management System
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-67089 HIGH POC This Week

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. [CVSS 8.1 HIGH]

Command Injection Gl Axt1800 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-22035 HIGH POC PATCH This Week

Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.

Windows Command Injection Greenshot
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-69259 HIGH POC This Week

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. [CVSS 7.5 HIGH]

Trend Micro Apex Central
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-69260 HIGH POC This Week

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. [CVSS 7.5 HIGH]

Trend Micro Apex Central
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-56424 HIGH POC This Week

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script [CVSS 7.5 HIGH]

Denial Of Service E Invoice Pro
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-20213 HIGH POC This Week

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. [CVSS 7.5 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-50334 HIGH POC PATCH This Week

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component [CVSS 7.5 HIGH]

Denial Of Service Dnsserver
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25279 HIGH POC This Week

Facesentry Access Control System Firmware versions up to 5.7.0 is affected by cleartext storage of sensitive information (CVSS 7.5).

SQLi Facesentry Access Control System Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2017-20214 HIGH POC This Week

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system. [CVSS 7.5 HIGH]

SSH
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25291 HIGH POC This Week

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. [CVSS 7.5 HIGH]

Linux Industrial
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15464 HIGH POC This Week

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. [CVSS 7.5 HIGH]

Authentication Bypass Fun Print
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22244 HIGH POC PATCH This Week

Remote code execution in OpenMetadata versions before 1.11.4 through Server-Side Template Injection in FreeMarker email templates allows authenticated administrators to execute arbitrary code on the affected system. Public exploit code exists for this vulnerability, and attackers with admin-level access can leverage unsafe template processing to compromise the metadata platform. A patch is available in version 1.11.4 and should be applied immediately.

RCE Openmetadata
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-22241 HIGH POC PATCH This Week

Openeclass versions up to 4.2 is affected by unrestricted upload of file with dangerous type (CVSS 7.2).

RCE Openeclass
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-21873 HIGH POC PATCH This Week

NiceGUI versions 2.22.0 through 3.4.1 contain a cross-site DOM-based XSS vulnerability in the pushstate event listener for ui.sub_pages that allows attackers to manipulate URL fragment identifiers via iframe injection. Public exploit code exists for this vulnerability, and affected users should upgrade to version 3.5.0 or later as no patch is currently available for vulnerable versions.

Python Nicegui
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-21694 MEDIUM POC PATCH This Month

Unauthorized access control in Titra versions 0.99.49 and earlier enables authenticated users to view and modify time entries belonging to other users in private projects without proper authorization. Public exploit code exists for this vulnerability, affecting deployments that have not upgraded to version 0.99.50. The flaw allows authenticated attackers to compromise data integrity and confidentiality of other users' tracked time information.

Authentication Bypass Titra
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-65731 MEDIUM POC This Month

Dir-605L Firmware versions up to 6.02cn02 is affected by missing authentication for critical function (CVSS 6.8).

D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-61547 MEDIUM POC This Month

Print Shop Pro Webdesk versions up to 18.34 is affected by cross-site request forgery (csrf) (CVSS 6.8).

CSRF Print Shop Pro Webdesk
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-67091 MEDIUM POC This Month

Ax1800 Firmware versions up to 4.2.0 is affected by improper restriction of excessive authentication attempts (CVSS 6.5).

Authentication Bypass Ax1800 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21885 MEDIUM POC PATCH This Month

Miniflux's media proxy endpoint is vulnerable to Server-Side Request Forgery (SSRF) in versions prior to 2.2.16, allowing authenticated users to craft malicious proxy URLs that force the application to fetch and expose responses from internal network resources including localhost and private IP ranges. An attacker with valid credentials can abuse this to access sensitive internal services and metadata endpoints by embedding specially crafted URLs in feed content. Public exploit code exists for this vulnerability, and no patch is currently available for affected installations.

SSRF Miniflux Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22588 MEDIUM POC PATCH This Month

Spree e-commerce platform versions prior to 4.10.2, 5.0.7, 5.1.9, and 5.2.5 contain an authenticated insecure direct object reference vulnerability allowing logged-in users to access and retrieve address information belonging to other customers by manipulating address identifiers during order modification. Public exploit code exists for this vulnerability, which has been patched in the aforementioned versions.

Ruby Spree
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25277 MEDIUM POC This Month

Facesentry Access Control System Firmware versions up to 5.7.0 is affected by cross-site scripting (xss) (CVSS 6.1).

PHP XSS Facesentry Access Control System Firmware
NVD
CVSS 3.1
6.1
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy